Troubelshooting DHCP Listening Port Forwarding

I’m trying to make the DHCP Listen feature work to speed up presence detection on our iPhones.

I have read the binding documentation at Network - Bindings | openHAB and some threads in the community, including DHCP Listen is Broken. Can You Make it Go? - #2 by Udo_Hartmann and DHCP listen port forwarding issue.

I’m running openHAB 3.3M1 on a Pi4B running openhabian.

As expected, the dhcp_property of the Things is “No access right for port 67. Bound to port 6767 instead. Port forwarding necessary!” and the uses_ios_wakeup is “yes”.

I tried to enter the commands recommended in the binding documention:

sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p udp --dport 6767 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 67 -j REDIRECT --to-ports 6767

the sysctl worked (once I prepended sudo). But the 1st iptables command does not work:

openhabian@openhab:~ $ iptables -A INPUT -p udp --dport 6767 -j ACCEPT
iptables v1.8.2 (nf_tables): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.

Also, I’m not sure whether the next section of recommended commands applies to me. The documentation says:
If a DHCP server is operating on port 67, duplicate the received traffic and forward it to port 6767:

iptables -A PREROUTING -t mangle -p udp ! -s --dport 67 -j TEE --gateway
iptables -A OUTPUT -t nat -p udp -s --dport 67 -j DNAT --to

The Pi is connected to my router’s DHCP server. But I’m not sure if that means that a server is operating on port 67. I tried the netstat -a command I read about in one of the threads and it didn’t show anything for 67, but I’m not sure if that is relevant.

Thanks in advance for any suggestions on how to make this work.

The iptables commands need to be executed with root privileges ( sudo ) as well.
Does that help ?

In case your router does DHCP resp. no process is listening on port 67 then dhcpd is not running on your pi. As you are using openhabian per default no dhcpd is running on port 67.
You only need to use the rerouting part in case the binding cannot use port 67 because of privileges then.

Thank you. When I prepended sudo, the iptables command worked. Too bad Linux didn’t tell me that instead of just saying the the --dport option was unknown.

Now I will see if the response of the network binding to a reconnection improves.

1 Like

After making the above changes, I noticed a marked improvement in the response to the initial connection of our iPhones. The online channel on the iPhone Things reported on in a matter of seconds. Thanks for the help.

1 Like